Skip to content

Fetch CPython from an Astral mirror by default#18207

Merged
zsol merged 4 commits intomainfrom
zsol/jj-rloqonmussxw
Mar 3, 2026
Merged

Fetch CPython from an Astral mirror by default#18207
zsol merged 4 commits intomainfrom
zsol/jj-rloqonmussxw

Conversation

@zsol
Copy link
Member

@zsol zsol commented Feb 26, 2026
edited
Loading

This PR introduces a default mirror for CPython downloads, which is used if no user-configured mirror is set. In this case, CPython is fetched from https://releases.astral.sh, with a fallback to the canonical GitHub URL if the Astral mirror is not available.

While this is a change in behavior, it is not considered a breaking change because on a typical environment where releases.astral.sh is not available, CPython is still fetched from the canonical GitHub URL - transparently to the user.

Note

We should not merge this before cpython releases are automatically published to our mirrors (astral-sh/python-build-standalone#988)

The fallback and retry mechanisms interact like so:

  • on any download-related failure (e.g. network errors, or non-success HTTP status codes) observed during fetching from the mirror, GitHub is immediately attempted as a fallback
  • other errors (e.g. hash mismatch, extraction failure) immediately fail the entire download without fallback or retry
  • retries (and their backoff) are attempted after the GitHub fallback also failed with a retriable error

@codspeed-hq
Copy link

codspeed-hq bot commented Feb 26, 2026
edited
Loading

Merging this PR will not alter performance

✅ 5 untouched benchmarks

Comparing zsol/jj-rloqonmussxw (bb6966a) with main (fa116ef)

Open in CodSpeed

zanieb
zanieb reviewed Feb 26, 2026
View reviewed changes
zanieb
zanieb reviewed Feb 26, 2026
View reviewed changes
zanieb
zanieb reviewed Feb 26, 2026
View reviewed changes
@zsol zsol force-pushed the zsol/jj-rloqonmussxw branch 2 times, most recently from 06a7f87 to baa1f98 Compare February 27, 2026 12:15
zsol added 2 commits February 27, 2026 16:47
@zsol
Fetch CPython from an Astral mirror by default
149760b 
This PR introduces a default mirror for CPython downloads, which is used if no user-configured mirror is set. In this case, CPython is fetched from `https://releases.astral.sh`, with a fallback to the canonical GitHub URL if the Astral mirror is not available.

While this is a change in behavior, it is not considered a breaking change because on a typical environment where `releases.astral.sh` is not available, CPython is still fetched from the canonical GitHub URL - transparently to the user.
@zsol
Address feedback
44f1455
@zsol zsol force-pushed the zsol/jj-rloqonmussxw branch from baa1f98 to 44f1455 Compare February 27, 2026 16:48
@zsol zsol marked this pull request as ready for review February 27, 2026 17:58
@zsol zsol marked this pull request as draft February 27, 2026 17:59
@hingebase hingebase mentioned this pull request Mar 1, 2026
Merged
konstin
konstin reviewed Mar 1, 2026
View reviewed changes
@zsol zsol marked this pull request as ready for review March 2, 2026 11:13
@konstin konstin added the enhancement New feature or improvement to existing functionality label Mar 2, 2026
konstin
konstin reviewed Mar 2, 2026
View reviewed changes
@zsol zsol force-pushed the zsol/jj-rloqonmussxw branch from 2254a37 to bb6966a Compare March 2, 2026 15:31
@zsol zsol merged commit ce4b9a4 into main Mar 3, 2026
53 checks passed
@zsol zsol deleted the zsol/jj-rloqonmussxw branch March 3, 2026 12:02
@BrewTestBot BrewTestBot mentioned this pull request Mar 3, 2026
Merged
@natemcintosh
Copy link

natemcintosh commented Mar 4, 2026

Can I ask why this change? Are downloads from canonical GitHub URL not fast enough? Something else?

@konstin
Copy link
Member

konstin commented Mar 4, 2026

GitHub is notoriously unreliable, both in uptime (https://mrshu.github.io/github-statuses/) and in network reliability. We see so many failures both in our CI and in user reports that are caused by GitHub responding with various error. To increase reliability, we've built this cloudflare mirror.

@charliermarsh
Copy link
Member

charliermarsh commented Mar 4, 2026

Yeah, this is driven by reliability. We now attempt to fetch from a CDN; if that fails, we fall back to GitHub.

@edmorley
Copy link
Contributor

edmorley commented Mar 4, 2026
edited
Loading

In our buildpacks we don't use the install.sh script but download the archives of whatever uv version we have pinned directly from GitHub releases.

Is it safe for us to switch from eg:
https://github.com/astral-sh/uv/releases/download/0.10.8/uv-aarch64-unknown-linux-gnu.tar.gz

...to:
https://releases.astral.sh/github/uv/releases/download/0.10.8/uv-aarch64-unknown-linux-gnu.tar.gz

(Asking in case the URL scheme/work here is still in flux, given https://astral.sh/uv/install.sh still redirects to GitHub etc)

Also, sorry this is really more a question for the related #18191 - I posted here since there was already a discussion started.

@zsol
Copy link
Member Author

zsol commented Mar 4, 2026

Yeah it should be safe to switch, we're unlikely to change the mirror's url scheme at this point. The artifacts should be same, their sha256 checksums are - expected to match what's in the github releases.

We'll be slowly migrating everything to fetch from the mirror first and fall back to github.

tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Mar 11, 2026
build(deps): update uv to v0.10.9
a8a79c7 
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [uv](https://github.com/astral-sh/uv) | patch | `0.10.7` → `0.10.9` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>astral-sh/uv (uv)</summary>

### [`v0.10.9`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0109)

[Compare Source](astral-sh/uv@0.10.8...0.10.9)

Released on 2026-03-06.

##### Enhancements

- Add `fbgemm-gpu`, `fbgemm-gpu-genai`, `torchrec`, and `torchtune` to the PyTorch list ([#&#8203;18338](astral-sh/uv#18338))
- Add torchcodec to PyTorch List ([#&#8203;18336](astral-sh/uv#18336))
- Log the duration we took before erroring ([#&#8203;18231](astral-sh/uv#18231))
- Warn when using `uv_build` settings without `uv_build` ([#&#8203;15750](astral-sh/uv#15750))
- Add fallback to `/usr/lib/os-release` on Linux system lookup failure ([#&#8203;18349](astral-sh/uv#18349))
- Use `cargo auditable` to include SBOM in uv builds ([#&#8203;18276](astral-sh/uv#18276))

##### Configuration

- Add an environment variable for `UV_VENV_RELOCATABLE` ([#&#8203;18331](astral-sh/uv#18331))

##### Performance

- Avoid toml `Document` overhead ([#&#8203;18306](astral-sh/uv#18306))
- Use a single global workspace cache ([#&#8203;18307](astral-sh/uv#18307))

##### Bug fixes

- Continue on trampoline job assignment failures ([#&#8203;18291](astral-sh/uv#18291))
- Handle the hard link limit gracefully instead of failing ([#&#8203;17699](astral-sh/uv#17699))
- Respect build constraints for workspace members ([#&#8203;18350](astral-sh/uv#18350))
- Revalidate editables and other dependencies in scripts ([#&#8203;18328](astral-sh/uv#18328))
- Support Python 3.13+ on Android ([#&#8203;18301](astral-sh/uv#18301))
- Support `cp3-none-any` ([#&#8203;17064](astral-sh/uv#17064))
- Skip tool environments with broken links to Python on Windows ([#&#8203;17176](astral-sh/uv#17176))

##### Documentation

- Add documentation for common marker values ([#&#8203;18327](astral-sh/uv#18327))
- Improve documentation on virtual dependencies ([#&#8203;18346](astral-sh/uv#18346))

### [`v0.10.8`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0108)

[Compare Source](astral-sh/uv@0.10.7...0.10.8)

Released on 2026-03-03.

##### Python

- Add CPython 3.10.20
- Add CPython 3.11.15
- Add CPython 3.12.13

##### Enhancements

- Add Docker images based on Docker Hardened Images ([#&#8203;18247](astral-sh/uv#18247))
- Add resolver hint when `--exclude-newer` filters out all versions of a package ([#&#8203;18217](astral-sh/uv#18217))
- Configure a real retry minimum delay of 1s ([#&#8203;18201](astral-sh/uv#18201))
- Expand `uv_build` direct build compatibility ([#&#8203;17902](astral-sh/uv#17902))
- Fetch CPython from an Astral mirror by default ([#&#8203;18207](astral-sh/uv#18207))
- Download uv releases from an Astral mirror in installers by default ([#&#8203;18191](astral-sh/uv#18191))
- Add SBOM attestations to Docker images ([#&#8203;18252](astral-sh/uv#18252))
- Improve hint for installing meson-python when missing as build backend ([#&#8203;15826](astral-sh/uv#15826))

##### Configuration

- Add `UV_INIT_BARE` environment variable for `uv init` ([#&#8203;18210](astral-sh/uv#18210))

##### Bug fixes

- Prevent `uv tool upgrade` from installing excluded dependencies ([#&#8203;18022](astral-sh/uv#18022))
- Promote authentication policy when saving tool receipts ([#&#8203;18246](astral-sh/uv#18246))
- Respect exclusions in scripts ([#&#8203;18269](astral-sh/uv#18269))
- Retain default-branch Git SHAs in `pylock.toml` files ([#&#8203;18227](astral-sh/uv#18227))
- Skip installed Python check for URL dependencies ([#&#8203;18211](astral-sh/uv#18211))
- Respect constraints during `--upgrade` ([#&#8203;18226](astral-sh/uv#18226))
- Fix `uv tree` orphaned roots and premature deduplication ([#&#8203;17212](astral-sh/uv#17212))

##### Documentation

- Mention cooldown and tweak inline script metadata in dependency bots documentation ([#&#8203;18230](astral-sh/uv#18230))
- Move cache prune in GitLab to `after_script` ([#&#8203;18206](astral-sh/uv#18206))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My40OS4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTcuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90IiwiYXV0b21hdGlvbjpib3QtYXV0aG9yZWQiLCJkZXBlbmRlbmN5LXR5cGU6OnBhdGNoIl19-->
edmorley added a commit to heroku/heroku-buildpack-python that referenced this pull request Mar 12, 2026
@edmorley
Download uv from releases.astral.sh instead of GitHub releases
57c6951 
Since Astral now mirror uv releases to `releases.astral.sh`, which
is backed by Cloudflare R2 / CDN, and so is more reliable than
GitHub releases.

See:
astral-sh/uv#18207 (comment)

GUS-W-21561065.
edmorley added a commit to heroku/buildpacks-python that referenced this pull request Mar 12, 2026
@edmorley
Download uv from releases.astral.sh instead of GitHub releases
4cad782 
Since Astral now mirror uv releases to `releases.astral.sh`, which
is backed by Cloudflare R2 / CDN, and so is more reliable than
GitHub releases.

See:
astral-sh/uv#18207 (comment)

GUS-W-21561065.
edmorley added a commit to heroku/buildpacks-python that referenced this pull request Mar 12, 2026
@edmorley
Download uv from releases.astral.sh instead of GitHub releases
bbd5c0d 
Since Astral now mirror uv releases to `releases.astral.sh`, which
is backed by Cloudflare R2 / CDN, and so is more reliable than
GitHub releases.

See:
astral-sh/uv#18207 (comment)

GUS-W-21561072.
This was referenced Mar 12, 2026
Merged
Merged
edmorley added a commit to heroku/heroku-buildpack-python that referenced this pull request Mar 12, 2026
@edmorley
Download uv from releases.astral.sh instead of GitHub releases (#2050)
108a416 
Since Astral now mirror uv releases to `releases.astral.sh`, which
is backed by Cloudflare R2 / CDN, and so is more reliable than
GitHub releases.

See:
astral-sh/uv#18207 (comment)

GUS-W-21561065.
edmorley added a commit to heroku/buildpacks-python that referenced this pull request Mar 12, 2026
@edmorley
Download uv from releases.astral.sh instead of GitHub releases (#524)
a6c5033 
Since Astral now mirror uv releases to `releases.astral.sh`, which
is backed by Cloudflare R2 / CDN, and so is more reliable than
GitHub releases.

See:
astral-sh/uv#18207 (comment)

GUS-W-21561072.
@zsol zsol linked an issue Mar 16, 2026 that may be closed by this pull request
Fetch release assets from releases.astral.sh first #18503
Open
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zanieb zanieb zanieb left review comments

@konstin konstin konstin approved these changes

Assignees

No one assigned

Labels

enhancement New feature or improvement to existing functionality

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Fetch release assets from releases.astral.sh first

6 participants

@zsol @natemcintosh @konstin @charliermarsh @edmorley @zanieb